Aligning CISOs and Internal Audit to Automate SAP Cybersecurity
Brad Maiorino | CISO, Target
Compliance with internal audits often escalates a project’s priority, forcing CISOs to put resource-intensive internal audit requests ahead of security-focused initiatives necessary to keep pace with the rapidly shifting threat landscape.
Because of the critical nature of SAP systems and the business and financial processes they enable, SAP applications are the target of numerous industry standards and regulatory demands such as PCI, NIST, SOX and beyond. These applications are also increasingly the target of criminal threats from inside and outside an enterprise. In fact, in a recent Ponemon Institute survey, 65% of respondents disclosed that their SAP systems were breached at least once in the past 24 months.
So how does today’s CISO balance these two competing priorities for their ERP systems – one a constant presence with clear consequences and the other a constant threat with often unknown, and possibly catastrophic, consequences – but both requiring constant vigilance?
Join Brad Maiorino, CISO of Target and Mariano Nunez, CEO of Onapsis Inc. for a roundtable discussion focused on how CISOs can meet this common challenge. Share challenges and hear success stories from other CISOs and SAP customers who have been able to strike that balance. Learn more about the solutions, cross-functional leadership, and partners who have helped them do it.
ONAPSIS BRIEFING CENTER PRESENTATION
Tuesday, February 14 | 12:40 - 1:10 PM | South Hall Briefing Center
SPEAKER: Sebastian Bortnik, Head of Research Labs, Onapsis
Zero-day vulnerabilities are one of every CISO’s worst nightmares. Nothing can be more frightening than the lurking threat of an undisclosed vulnerability in your ERP system without a preventative patch available.
As the pioneer in cybersecurity for ERP and business-critical applications, we have always responsibly disclosed vulnerabilities found by our Research Labs. But is there a way to help companies stay protected before the patch is available and without public disclosure of the advisory? It’s critical to continually secure business information and processes stored in ERP systems. This raises the question: is there a greater threat than 0-day vulnerabilities facing ERP systems?
Join us to discuss how threats facing business-critical applications such as SAP are rapidly evolving and how malicious outsiders are exploiting vulnerabilities to access these critical systems. During this discussion, we will cover best strategic practices to employ in order to keep up with the latest vulnerabilities impacting your SAP system and applications.
REGISTER TO ATTEND WITH A FREE EXPO PASS
Registration for RSA Conference 2017 is now open! Don't miss this opportunity to join thousands of industry professionals at the premier information security event of 2017.
CISOs making the business decision to migrate critical ERP applications to the cloud struggle with security approaches. Trying to “lift & shift” existing on-premise controls to PaaS/IaaS is a path to failure. Cloud security for SAP and similar applications is uncharted territory. This session will explore cloud architectures, security models, application security controls and secure operations.